https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171

https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations

GitLab Inc. CWE-16

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST NVD-CWE-noinfo

OR
     *cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* versions from (including) 9.5.0 up to (excluding) 16.2.8
     *cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* versions from (including) 16.3.0 up to (excluding) 16.3.5
     *cpe:2.3:a:gitlab:gitlab:16.4.0:*:*:*:enterprise:*:*:*

OR
     *cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* versions up to (excluding) 0.9.4
     *cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* versions from (including) 1.0.0 up to (excluding) 1.0.8
     *cpe:2.3:a:hashicorp:consul:1.1.0:*:*:*:-:*:*:*
     *cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* versions from (including) 1.2.0 up to (excluding) 1.2.4

https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171 No Types Assigned

https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171 Exploit, Issue Tracking

https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations No Types Assigned

https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations Patch, Vendor Advisory

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.

GitLab Inc. AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

GitLab Inc. CWE-16

GitLab Inc. https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171 [No types assigned]

GitLab Inc. https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations [No types assigned]